As reported by Politico, the personally identifiable information (PII) of some of the State Department's workforce has been exposed, however, the data breach is not thought to impact more than one percent of the staff roster.

"We have determined that certain employees' personally identifiable information (PII) may have been exposed," an alert states, dated September 7. "We have notified those employees."

The security notice was marked "Sensitive but Unclassified." No technical details of the security incident have been released to the public, nor who may be responsible.

According to the department, the impacted email system is considered unclassified, and there is no evidence to suggest other, classified email networks have also been compromised.

The State Department says it is currently investigating the incident and is "working with partner agencies to conduct a full assessment" of the data breach.

"Like any large organization with a global presence, we are a constant target for cyberattacks," the State Department said. "This is a good opportunity to remind everyone that we all play an important role in protecting Department information, especially when it comes to the use of secure and safe passwords, and reporting suspicious activity."

Indeed it is, but it was only last week that the department was heavily criticized for poor security practices.

In a letter sent to Secretary of State Mike Pompeo, five US senators demanded to know why few basic security measures were in place to secure the department's systems, such as the use of multi-factor authentication (MFA). A report published by the General Service Administration (GSA) has suggested that only 11 percent of "high-value" devices used by the department had MFA enabled.

The State Department says that steps "have been taken" to secure systems and employees involved in the data breach will be given three years of free credit monitoring.

The exposure of sensitive information belonging to federal employees is appalling but does not come close to the 2015 Office of Personnel Management (OPM) data breach, in which close to 22 million employee records were exposed in two separate attacks.

"We are working with the interagency, as well as the private sector service provider, to conduct a full assessment," a State Department official told the Washington Examiner. "The Department is always actively engaged in identifying cybersecurity threats and protecting its networks. This is an ongoing investigation. We have no additional information to share at this time."

Thank You

By registering you become a member of the CBS Interactive family of sites and you have read and agree to the Terms of Use, Privacy Policy and Video Services Policy. You agree to receive updates, alerts and promotions from CBS and that CBS may share information about you with our marketing partners so that they may contact you by email or otherwise about their products or services.
You will also receive a complimentary subscription to the ZDNet's Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe from these newsletters at any time.